package com.qf.shiro.user.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * Spring MVC controller for the {@code /order} routes, demonstrating two ways of applying
 * Apache Shiro authorization: programmatic checks on the current {@link Subject} and
 * declarative checks through Shiro annotations.
 */
@Controller
@RequestMapping("/order")
public class OrderController {

    /** Redirect target for callers allowed to see the order page. */
    private static final String ORDER_PAGE = "redirect:/order.html";

    /** Redirect target for callers that fail the role check. */
    private static final String LOGIN_PAGE = "redirect:/login.html";

    /**
     * Handles {@code GET /order/manager} using programmatic Shiro checks.
     *
     * <p>The {@code order:get} permission is only probed (a marker line is printed when the
     * caller holds it); the redirect target is decided by the {@code admin} role alone.
     *
     * @return the order page redirect for callers with the {@code admin} role, otherwise the
     *     login page redirect
     */
    @GetMapping("/manager")
    public String manage() {
        // Shiro's Subject representing the current caller.
        final Subject currentUser = SecurityUtils.getSubject();

        // Permission probe: its result does not affect the outcome below.
        final boolean holdsOrderGet = currentUser.isPermitted("order:get");
        if (holdsOrderGet) {
            System.out.println("1");
        }

        // Role check: does the current caller have the admin role?
        // NOTE(review): this only selects the redirect target. Whether /order.html itself is
        // access-controlled is not visible here; confirm a Shiro filter-chain rule covers it,
        // otherwise the page can be requested directly without passing through this check.
        // NOTE(review): an authenticated caller without the role is also sent to the login
        // page; confirm that is intended rather than an "unauthorized" response.
        return currentUser.hasRole("admin") ? ORDER_PAGE : LOGIN_PAGE;
    }

    // Disabled alternative: a role-based guard requiring BOTH the admin and user roles.
    // @RequiresRoles(value={"admin","user"})

    /**
     * Handles requests to {@code /order/save} using a declarative Shiro permission check.
     *
     * <p>NOTE(review): the annotation is enforced only when Shiro's annotation support is
     * enabled for this bean; that configuration is not visible here, so confirm it.
     *
     * <p>NOTE(review): {@code @RequestMapping} without a {@code method} attribute matches every
     * HTTP method. If this endpoint is meant to change state, restrict it to POST and make sure
     * it is covered by CSRF protection.
     *
     * <p>NOTE(review): a "save" action is guarded by the {@code order:get} permission string;
     * confirm that a read-style permission is the intended requirement.
     *
     * @return the order page redirect
     */
    @RequiresPermissions("order:get") // permission string the caller must hold
    @RequestMapping("save")
    public String save() {
        System.out.println("进入方法");
        return ORDER_PAGE;
    }
}
